I’m here at the Gartner Mobile/Wireless conference in San Diego. On Tuesday, of about 16 presentations by Gartner analysts (many others were user case studies and vendor pitches) we had these four sessions:
- “Managing ‘Bring Your Own Computer to Work’ ” – Leslie Fiering
- “Securing Unsecurable People” – John Girard
- “Embracing Consumerization” – David Smith
- “How to Securely Use Consumer-grade IT” – John Pescatore
At first glance it looks like a lot of duplication, but in reality it represents one of the top struggles security folks are going through: users are demanding to use their MacBooks or Android phones or iPads or Facebook or home PCs to get their jobs done, because they believe they are more productive that way than with all the boring, managed hardware and software IT foists on them. In reaction, CIOs are smelling a rare opportunity to reduce capital spending and make users happier (sure, use your own stuff!) – what’s not to like about this trend?
Well, there are just a few little security issues to deal with….
But the first reaction of many security groups is to attack the demand, arguing that use of consumer devices and services is not authorized and does not increase productivity, so don’t do it. That is a losing strategy. First off, it is IT’s job to argue that side of things, if it is going to be argued. Security’s job is to make sure the IT that is used is as secure as possible and that all risks that cannot be mitigated are identified and accepted by the business side. Security’s job is not to make technology decisions, let alone decide what technologies do or do not increase productivity.
If sales people feel they will close more deals using iPads, they probably will – it is like Dumbo’s little feather. Turns out Dumbo really didn’t need that feather to fly, but rather than waste the entire movie convincing him of that, the cricket (or whatever cute little Disney animal that was advising Dumbo) gave him the feather and ran around underneath to catch him if he fell.
Mark Nicolett and I did a Gartner research note on “Choosing the Optimal Security Approach for the Use of Consumer IT” that goes through a methodology for moving from a “Block” strategy to a “Contain” strategy to an “Embrace” approach as new technologies go through their inevitable path along the Hype Cycle. There’s not a single example of IT or IT security ever actually keeping a new technology out in the long run (well, maybe we can take credit for the demise of the blinking URL tag…) – you can’t fight Dumbo’s magic feather.
John Pescatore